Free, Secure, Remote Hubitat Dashboard Access via VPN

dJOS · October 8, 2021, 4:19am

For those with a decent router (eg Synology RT2600ac and other high-end Routers ), you can set up a VPN Portal and put your Dashboard behind that. Eg:

On the Synology Routers, this is done via the "VPN Plus Server" App, and "Web Portals":

https://kb.synology.com/en-us/SRM/help/VPNPlusServer/vpnplus_server_webvpn?version=

Synology Router Prerequisite - You must have a Synology DDNS hostname and SSL Certificate setup for this to work. The SSL cert is free via LetsEncrypt - instructions below:

https://kb.synology.com/en-au/SRM/tutorial/How_to_set_up_Synology_SSL_VPN_and_WebVPN_using_Synology_DDNS_service

PS, I'm not trying to take money away from Hubitat, just showing that many of us will already have a Free, Secure, Remote Access solution already.

jasonbalsor · October 8, 2021, 3:35pm

I have this router and have setup Webvpn but for some reason it does not connect to hubitat internal IP. What browser do you use? I have tried chrome and edge, I get a warning that the connection is unsafe but click proceed but then it hangs.

dJOS · October 8, 2021, 10:39pm

Ah, I know what is causing that, I’ll update the instructions above with more detail today.

Short version, you need to enable Synolgy dynamic DNS, then use the option to use an SSL certificate from letsencrypt.

jasonbalsor · October 8, 2021, 11:07pm

Did all of those steps but may have missed something

dJOS · October 9, 2021, 2:43am

If you go into the Network centre App and the "QuickConnect & DDNS" tab, does yours looks like this?

In the VPN Plus App, You can validate your DDNS and Cert are correct via the following "Domain Settings" Tab.

Screen Shot 2021-10-09 at 1.48.27 pm

If you click "edit", you can double check your config:

Then in the "SSL VPN" tab it should look like this:

Then for the WebVPN Portal, I set up 3 entries, 1 each for admin access to my hubs, and one using the Hubitat "cloud" URL to access the Dashboards. You'll need to use a URL like "rooms" or the welcome page as you cant link directly to the dashboards page as it won't work.

jasonbalsor · October 9, 2021, 11:10am

Thanks for the great screenshots. Everything is set up correctly and the same as your setup. Still hangs when trying to connect to a portal. Do you have any ports open for webvpn or let's encrypt?

This is where it hangs

dJOS · October 9, 2021, 9:26pm

No worries.

Ah good point, I have only 1 port open on my router, 443 for VPN. I’ll post a screen capture after I’ve made breakfast for the family.

dJOS · October 9, 2021, 11:12pm

Ok, so I have no port forwarding etc enabled at all, even UPnP is off. What I do have is a single firewall rule allowing VPN - in the Network Centre App and "Firewall" Tab:

Screen Shot 2021-10-10 at 10.08.41 am

And I have it restricted to Australian IP ranges - If I ever get to go OS again, I'll add those countries before leaving home:
Screen Shot 2021-10-10 at 10.09.00 am

I dont even have the services enabled to go through the FW under that tab (specific FW rules are better):

PS, check the main security settings too:

jasonbalsor · October 9, 2021, 11:35pm

Thanks for taking the time. All my settings in the firewall are the same as yours except of course the region.

I can connect to the web vpn UI no problem just can't get to the hubitat.

Not sure what's going on

dJOS · October 9, 2021, 11:59pm

How odd, can you post your WebVPN config for the Hubitat?

jasonbalsor · October 10, 2021, 12:07am

Sure, it's the same as yours. At first I just had the ip but noticed yours was a little different so thought I'd try.

dJOS · October 10, 2021, 12:14am

Edit, I hadn’t Tried it since installing the latest Hubitat hotfix. Mines not working now either.

dJOS · October 10, 2021, 12:19am

Looks like we’ll need to use this on Hubitat to fix it:

jasonbalsor · October 10, 2021, 12:27am

I'm kind of a dummy when it comes to networking let me know when you figure it out😊

dJOS · October 10, 2021, 12:28am

I’m not an expert either, but I’ll let you know if I get it working.

jasonbalsor · October 10, 2021, 12:33am

On my phone I use the VPN plus app and once I connect to that I can access anything on my Lan. I just wanted the webvpn working to use from my work PC

dJOS · October 10, 2021, 2:53am

They've definitely broken this in .129 and I cant get around it for now. I've flagged it with Hubitat.

dJOS · October 11, 2021, 9:10pm

jasonbalsor · October 11, 2021, 9:16pm

Didn't solve it for me but it could be on my end as I've never had it working

danabw · October 11, 2021, 9:45pm

Always a good idea to look at what you have and see if you can gain additional functionality from it.

If you have an RPI there are any number of VPNs you can run...my favorite being Wireguard. Super fast, very secure, and has been completely reliable for me. I'm running it on my router, but there are guides available for setting up Wireguard (and other VPNs) on RPIs.